Date: Thu, 4 Feb 2016 16:30:05 +0000
From: "Daniel P. Berrange"
Message-ID: <20160204163004.GF30301@redhat.com>
In-Reply-To: <56B37B66.6010101@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 16/16] nbd: enable use of TLS with nbd-server-start command
To: Eric Blake
Cc: Kevin Wolf, Paolo Bonzini, qemu-devel@nongnu.org, Max Reitz

On Thu, Feb 04, 2016 at 09:25:10AM -0700, Eric Blake wrote:
> On 02/04/2016 06:50 AM, Daniel P. Berrange wrote:
> > This modifies the nbd-server-start QMP command so that it
> > is possible to request use of TLS. This is done by adding
> > a new optional parameter "tls-creds" which provides the ID
> > of a previously created QCryptoTLSCreds object instance.
> >
> > TLS is only supported when using an IPv4/IPv6 socket listener.
> > > > Signed-off-by: Daniel P. Berrange > > --- > > > +static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp) > > +{ > > + Object *obj; > > + QCryptoTLSCreds *creds; > > + > > + obj = object_resolve_path_component( > > + object_get_objects_root(), id); > > + if (!obj) { > > + error_setg(errp, "No TLS credentials with id '%s'", > > + id); > > + return NULL; > > + } > > + creds = (QCryptoTLSCreds *) > > + object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS); > > Do we really need the C cast alongside an object_dynamic_cast()? Yes, afraid so - object_dynamic_cast() still returns 'Object *'. There's probably a case to be made that object_dynamic_cast() should be returning 'void *', but I won't change that here. > > +++ b/qapi/block.json > > @@ -146,13 +146,15 @@ > > # QEMU instance could refer to them as "nbd:HOST:PORT:exportname=NAME". > > # > > # @addr: Address on which to listen. > > +# @tls-creds: (optional) ID of the TLS credentials object. Since 2.6 > > Worth a comment that it only works with IPv4/6? Sure, we could do. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
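Review bot: in nbd_get_tls_creds(), the result of object_dynamic_cast() needs its own NULL check before it is returned. The quoted lines report a missing id through error_setg(), but they end at the cast, and an id that resolves to an object of another type makes the cast return NULL. Set errp there too, with a message saying the object is not a TLS credentials object, so that a caller testing only errp cannot carry on without the TLS the user requested.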
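Review bot: the @tls-creds line added to qapi/block.json does not say what happens when the parameter is absent. Since it is marked optional, spell out the behaviour when it is omitted, and carry over the commit message's restriction that TLS is only supported with an IPv4/IPv6 socket listener, so a reader of the schema knows which @addr forms can be combined with it.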